libkern/os/overflow.h

   1 /*
   2  * Copyright (c) 2015 Apple Inc. All rights reserved.
   3  *
   4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. The rights granted to you under the License
  10  * may not be used to create, or enable the creation or redistribution of,
  11  * unlawful or unlicensed copies of an Apple operating system, or to
  12  * circumvent, violate, or enable the circumvention or violation of, any
  13  * terms of an Apple operating system software license agreement.
  14  *
  15  * Please obtain a copy of the License at
  16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  17  *
  18  * The Original Code and all software distributed under the License are
  19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  23  * Please see the License for the specific language governing rights and
  24  * limitations under the License.
  25  *
  26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  27  */
  28
  29 /*
  30  * Facilities for performing type- and overflow-checked arithmetic. These
  31  * functions return non-zero if overflow occured, zero otherwise. In either case,
  32  * the potentially overflowing operation is fully performed, mod the size of the
  33  * output type. See:
  34  * http://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins
  35  * for full details.
  36  *
  37  * The compiler enforces that users of os_*_overflow() check the return value to
  38  * determine whether overflow occured.
  39  */
  40
  41 #ifndef _OS_OVERFLOW_H
  42 #define _OS_OVERFLOW_H
  43
  44 #include <sys/cdefs.h>
  45 #include <stdbool.h>
  46 #include <os/base.h>
  47
  48 bool __header_always_inline OS_WARN_RESULT
  49 __os_warn_unused(__const bool x)
  50 {
  51         return x;
  52 }
  53
  54 #if __has_builtin(__builtin_add_overflow) && \
  55     __has_builtin(__builtin_sub_overflow) && \
  56     __has_builtin(__builtin_mul_overflow)
  57
  58 #define os_add_overflow(a, b, res) __os_warn_unused(__builtin_add_overflow((a), (b), (res)))
  59 #define os_sub_overflow(a, b, res) __os_warn_unused(__builtin_sub_overflow((a), (b), (res)))
  60 #define os_mul_overflow(a, b, res) __os_warn_unused(__builtin_mul_overflow((a), (b), (res)))
  61
  62 #else
  63
  64 /* compile-time assertion that 'x' and 'y' are equivalent types */
  65 #ifdef __cplusplus
  66 #define __OS_TYPE_CHECK(x, y) do { \
  67         __typeof__(x) _x; \
  68         __typeof__(y) _y; \
  69         (void)(&_x == &_y, "overflow arithmetic: incompatible types"); \
  70 } while (0)
  71 #else
  72 #define __OS_TYPE_CHECK(x, y) do { \
  73         _Static_assert(__builtin_types_compatible_p(__typeof(x),__typeof(y)), \
  74                         "overflow arithmetic: incompatible types"); \
  75 } while (0)
  76 #endif
  77
  78 #define __os_add_overflow_func(T,U,V) _Generic((T), \
  79                 unsigned:           __builtin_uadd_overflow, \
  80                 unsigned long:      __builtin_uaddl_overflow, \
  81                 unsigned long long: __builtin_uaddll_overflow, \
  82                 int:                __builtin_sadd_overflow, \
  83                 long:               __builtin_saddl_overflow, \
  84                 long long:          __builtin_saddll_overflow \
  85         )(T,U,V)
  86
  87 #define __os_sub_overflow_func(T,U,V) _Generic((T), \
  88                 unsigned:           __builtin_usub_overflow, \
  89                 unsigned long:      __builtin_usubl_overflow, \
  90                 unsigned long long: __builtin_usubll_overflow, \
  91                 int:                __builtin_ssub_overflow, \
  92                 long:               __builtin_ssubl_overflow, \
  93                 long long:          __builtin_ssubll_overflow \
  94         )(T,U,V)
  95
  96 #define __os_mul_overflow_func(T,U,V) _Generic((T), \
  97                 unsigned:           __builtin_umul_overflow, \
  98                 unsigned long:      __builtin_umull_overflow, \
  99                 unsigned long long: __builtin_umulll_overflow, \
 100                 int:                __builtin_smul_overflow, \
 101                 long:               __builtin_smull_overflow, \
 102                 long long:          __builtin_smulll_overflow \
 103         )(T,U,V)
 104
 105 #define os_add_overflow(a, b, res) __os_warn_unused(__extension__({ \
 106         __OS_TYPE_CHECK((a), (b)); \
 107         __OS_TYPE_CHECK((b), *(res)); \
 108         __os_add_overflow_func((a), (b), (res)); \
 109 }))
 110
 111 #define os_sub_overflow(a, b, res) __os_warn_unused(__extension__({ \
 112         __OS_TYPE_CHECK((a), (b)); \
 113         __OS_TYPE_CHECK((b), *(res)); \
 114         __os_sub_overflow_func((a), (b), (res)); \
 115 }))
 116
 117 #define os_mul_overflow(a, b, res) __os_warn_unused(__extension__({ \
 118         __OS_TYPE_CHECK((a), (b)); \
 119         __OS_TYPE_CHECK((b), *(res)); \
 120         __os_mul_overflow_func((a), (b), (res)); \
 121 }))
 122
 123 #endif /* __has_builtin(...) */
 124
 125 /* os_add3_overflow(a, b, c) -> (a + b + c) */
 126 #define os_add3_overflow(a, b, c, res) __os_warn_unused(__extension__({ \
 127         __typeof(*(res)) _tmp; \
 128         bool _s, _t; \
 129         _s = os_add_overflow((a), (b), &_tmp); \
 130         _t = os_add_overflow((c), _tmp, (res)); \
 131         _s | _t; \
 132 }))
 133
 134 /* os_mul3_overflow(a, b, c) -> (a * b * c) */
 135 #define os_mul3_overflow(a, b, c, res) __os_warn_unused(__extension__({ \
 136         __typeof(*(res)) _tmp; \
 137         bool _s, _t; \
 138         _s = os_mul_overflow((a), (b), &_tmp); \
 139         _t = os_mul_overflow((c), _tmp, (res)); \
 140         _s | _t; \
 141 }))
 142
 143 /* os_add_and_mul_overflow(a, b, x) -> (a + b)*x */
 144 #define os_add_and_mul_overflow(a, b, x, res) __os_warn_unused(__extension__({ \
 145         __typeof(*(res)) _tmp; \
 146         bool _s, _t; \
 147         _s = os_add_overflow((a), (b), &_tmp); \
 148         _t = os_mul_overflow((x), _tmp, (res)); \
 149         _s | _t; \
 150 }))
 151
 152 /* os_mul_and_add_overflow(a, x, b) -> a*x + b */
 153 #define os_mul_and_add_overflow(a, x, b, res) __os_warn_unused(__extension__({ \
 154         __typeof(*(res)) _tmp; \
 155         bool _s, _t; \
 156         _s = os_mul_overflow((a), (x), &_tmp); \
 157         _t = os_add_overflow((b), _tmp, (res)); \
 158         _s | _t; \
 159 }))
 160
 161 #define os_convert_overflow(a, res) os_add_overflow((a), 0, (res))
 162
 163 #endif /* _OS_OVERFLOW_H */